Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""

This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.

Reason for revert: reland

The fix included in the reland is that fstatat64() needs to be
allowed in the broker process's seccomp policy.

This CL also includes some extra tests that the kernel_stat structures
match the layout the kernel expects.

Bug: 1164975, 1199431
Test: trogdor Chromebook successfully boots and allows login.

Original change's description:
> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
>
> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
>
> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
>
> Original change's description:
> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
> >
> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
> >
> > Original change's description:
> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
> > >
> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
> > >
> > > Reason for revert: Causing failure in
> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
> > > See crbug.com/1198480
> > >
> > > Original change's description:
> > > > Linux sandbox syscall broker: use struct kernel_stat
> > > >
> > > > The struct stat used in libc is different (in size and field ordering)
> > > > from the structure assumed by the Linux kernel. So, when emulating
> > > > system calls, we need to use the struct definition the kernel expects.
> > > >
> > > > This CL adds linux_stat.h that includes definitions of the different
> > > > kernel structs.
> > > >
> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#871767}
> > >
> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
> > > No-Presubmit: true
> > > No-Tree-Checks: true
> > > No-Try: true
> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
> > > Owners-Override: Victor Vianna <victorvianna@google.com>
> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> > > Cr-Commit-Position: refs/heads/master@{#871882}
> >
> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#872812}
>
> Fixed: 1199431
> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#873173}

Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#902981}
NOKEYCHECK=True
GitOrigin-RevId: 4b438323d68840453b5ef826c3997568e2e0e8c7
20 files changed
tree: 237ca19345af918097fb4017d9e889df47a5032d
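The layout check the message above describes (tests that the kernel_stat structures match what the kernel expects), as an added example that is not part of this CL or of the Chromium tree: a hand-written kernel_stat is filled by the raw newfstatat syscall (the 64-bit counterpart of the fstatat64 the message says the broker's seccomp policy must allow) and compared field by field with libc's fstatat() result. Assumptions: the two struct definitions are copied from the kernel's uapi asm/stat.h for x86_64 and aarch64 only; the function names raw_newfstatat and kernel_stat_matches_libc are this example's own; the time fields carry a trailing underscore because sys/stat.h defines st_atime and friends as macros.

```c
/* Added example, not Chromium code: verify that a hand-written kernel_stat
 * is the layout the kernel actually writes, which is what a syscall broker
 * that emulates stat()-family calls must use instead of libc's struct stat. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Kernel ABI layouts (assumption: transcribed from the kernel's uapi
 * asm/stat.h for these two architectures; other ABIs differ). */
#if defined(__x86_64__)
struct kernel_stat {
  unsigned long st_dev;
  unsigned long st_ino;
  unsigned long st_nlink;
  unsigned int st_mode;
  unsigned int st_uid;
  unsigned int st_gid;
  unsigned int pad0;
  unsigned long st_rdev;
  long st_size;
  long st_blksize;
  long st_blocks;
  unsigned long st_atime_;
  unsigned long st_atime_nsec_;
  unsigned long st_mtime_;
  unsigned long st_mtime_nsec_;
  unsigned long st_ctime_;
  unsigned long st_ctime_nsec_;
  long unused_tail[3];
};
#elif defined(__aarch64__)
struct kernel_stat {
  unsigned long st_dev;
  unsigned long st_ino;
  unsigned int st_mode;
  unsigned int st_nlink;
  unsigned int st_uid;
  unsigned int st_gid;
  unsigned long st_rdev;
  unsigned long pad1;
  long st_size;
  int st_blksize;
  int pad2;
  long st_blocks;
  long st_atime_;
  unsigned long st_atime_nsec_;
  long st_mtime_;
  unsigned long st_mtime_nsec_;
  long st_ctime_;
  unsigned long st_ctime_nsec_;
  unsigned int unused4;
  unsigned int unused5;
};
#else
#error "This example only defines the x86_64 and aarch64 kernel layouts."
#endif

/* Issue the raw syscall into the kernel layout. Returns 0 or -errno.
 * newfstatat is the 64-bit name of the fstatat64 call the CL allows. */
int raw_newfstatat(const char* path, struct kernel_stat* ks) {
  if (syscall(SYS_newfstatat, AT_FDCWD, path, ks, 0) < 0) return -errno;
  return 0;
}

/* Returns 1 when every field the kernel wrote agrees with what libc's
 * fstatat() reports for the same path, 0 on a mismatch or an error. */
int kernel_stat_matches_libc(const char* path) {
  struct kernel_stat ks;
  struct stat lc;
  memset(&ks, 0xAA, sizeof ks); /* poison: a misplaced field would show */
  if (raw_newfstatat(path, &ks) != 0) return 0;
  if (fstatat(AT_FDCWD, path, &lc, 0) != 0) return 0;
  return ks.st_dev == lc.st_dev && ks.st_ino == lc.st_ino &&
         ks.st_mode == lc.st_mode && ks.st_nlink == lc.st_nlink &&
         ks.st_uid == lc.st_uid && ks.st_gid == lc.st_gid &&
         ks.st_rdev == lc.st_rdev && ks.st_size == lc.st_size &&
         ks.st_blksize == lc.st_blksize && ks.st_blocks == lc.st_blocks &&
         (long)ks.st_mtime_ == (long)lc.st_mtim.tv_sec &&
         (long)ks.st_mtime_nsec_ == (long)lc.st_mtim.tv_nsec &&
         (long)ks.st_ctime_ == (long)lc.st_ctim.tv_sec &&
         (long)ks.st_ctime_nsec_ == (long)lc.st_ctim.tv_nsec;
}

int main(void) {
  const char* path = "/";
  printf("sizeof(kernel_stat)=%zu sizeof(struct stat)=%zu\n",
         sizeof(struct kernel_stat), sizeof(struct stat));
  printf("%s: kernel layout %s libc\n", path,
         kernel_stat_matches_libc(path) ? "matches" : "DIFFERS from");
  return 0;
}
```

On the two 64-bit ABIs this example covers, glibc's struct stat happens to share the kernel's layout, so the check passes; the CL's point is that this does not hold on every ABI, which is why a broker that writes the result on behalf of a sandboxed process has to use the kernel definition and test it against a real syscall rather than trust the libc header.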
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.